Windows Firewall Control (WFC) by BiniSoft.org

Discussion in 'other firewalls' started by alexandrud, May 20, 2013.

  1. max2

    max2 Registered Member

    Joined:
    Sep 22, 2011
    Posts:
    363
    Sorry dumb question is WFC still trusted, with the latest version that has malwarebytes label on it, to use ?

    Or is another firewall better nowadays ?

    Thanks
     
  2. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    8,140
    Location:
    Among the gum trees
    I use it. Why wouldn't it be trusted? It still has the same developer as it always had.
     
  3. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    8,140
    Location:
    Among the gum trees
    How come as of today all of these rules plus many others have become invalid? I haven't received any Windows updates are far as update history shows anyway. Nor have I made any other changes.
     

    Attached Files:

    • WFC.PNG
      WFC.PNG
      File size:
      116 KB
      Views:
      36
  4. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    8,140
    Location:
    Among the gum trees
    After a system restart I now only have one invalid rule. Very strange, to me anyway.
     

    Attached Files:

  5. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    617
    Location:
    Lunar module
    Who knows what firewall logs are located here? %systemroot%\system32\LogFiles\Firewall\pfirewall.log
     
  6. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    15,260
    Location:
    UK
  7. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,971
    Location:
    Romania
    It may be possible that you encountered a random crash in the WFC service. A service restart, or a computer restart, which restarts the service anyway, fixed it. WFC log may contain some info about this.
    This is an alternate way of logging WF connections instead of using Security Event log by enabling auditing of certain events. Not really useful.
     
  8. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    8,140
    Location:
    Among the gum trees
    Do you mean, Event Viewer > Applications and Service logs > WFC ? I have a few of these entries the same or similar.
    Log Name: WFC
    Source: WFC
    Date: 22/09/2020 2:21:37 PM
    Event ID: 201
    Task Category: None
    Level: Warning
    Keywords: Classic
    User: N/A
    Computer: Dave-PC
    Description:
    Resolving the path of the program has failed.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="WFC" />
    <EventID Qualifiers="0">201</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2020-09-22T04:21:37.0800840Z" />
    <EventRecordID>81</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>WFC</Channel>
    <Computer>Dave-PC</Computer>
    <Security />
    </System>
    <EventData>
    <Data>Resolving the path of the program has failed.</Data>
    <Data>Input: \device\harddiskvolume2\windows\system32\apphostregistrationverifier.exe</Data>
    <Data>System.ArgumentException: Process with an Id of 10044 is not running.
    at System.Diagnostics.Process.GetProcessById(Int32 processId, String machineName)
    at System.Diagnostics.Process.GetProcessById(Int32 processId)
    at WindowsFirewallControl.Services.RulesService.ResolvePath(String input, Int32 processId)</Data>
    </EventData>
    </Event>
    Nothing else that I can see of interest. At this point I'm not too concerned but if I see it again I would like to see what happened.

    Thanks.
     
  9. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    617
    Location:
    Lunar module
    Who knows what firewall rules are implicitly written to the registry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE\Parameters\Policy\Persistent\Filter ?
    Can they be deciphered to make them understandable and friendly, or edited?
     
  10. Stukalide

    Stukalide Registered Member

    Joined:
    Jul 12, 2013
    Posts:
    57
    I can't for the life of me figure out why some connections aren't being allowed through despite having allow-rules enabled and no obvious "deny" rules in place that my override. It usually relates to Windows services, like installing apps from the Windows Store, and also issues with remote-access programs like "Your Phone" (Microsoft Windows) and "Samsung Flow".

    How can I figure out why something is being blocked? In the connections log, it's showing blocked entries for programs I've already set allow-rules for, yet they continue to get blocked. My assumption is that there must be another rule somewhere that is incorporating the block, but I'm not sure how to go about tracking down that source. Any ideas? TIA
     
  11. aldist

    aldist Registered Member

    Joined:
    Nov 8, 2017
    Posts:
    617
    Location:
    Lunar module
    Try to find the blocking rule here
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\AppIso\FirewallRules
    *******************************************************************************************************************************\Configurable\System
    *******************************************************************************************************************************\Static\System
     
  12. JR_not_Ewing

    JR_not_Ewing Registered Member

    Joined:
    Oct 1, 2020
    Posts:
    1
    Location:
    World
    Does anyone know how WFC (or the underlying Windows Firewall) deals with broadcast packets? They appear to be blocked, and I can't seem to write specific rules to allow/deny them, short of disabling the firewall altogether. Browsing the WFC documentation, I found nothing of use.
     
  13. jmjsquared

    jmjsquared Registered Member

    Joined:
    Jun 8, 2006
    Posts:
    2
    Location:
    New York
    I was concerned about the same thing when MWB first got involved, circa 2017. Alexandru Dicu, assured me that he was still the lead developer and would, as much as possible, make sure that WFC would remain the reliable Windows Firewall adjunct he created. (FYI, WFC is not a "firewall"; rather, it's a "frontend".) He's managed to do that, as witnessed by the regular updates, improvements, etc. By the way, did I mention that I'm a happy user? :)
     
  14. leduvir

    leduvir Registered Member

    Joined:
    Oct 22, 2020
    Posts:
    3
    Location:
    Jamaica
    hey hi hello!

    I use a VPN Killswitch set on Windows Firewall.

    But after enabling WFC it don't work anymore. Maybe is conflictant with the Network Profiles (Domain, Private and Public) of WF?

    I will be eternal thankful if someone can enlight this to me... The kilswitch setup I use is exactly this one: https://www.youtube.com/watch?v=_MWzL3YvHtU

    basically it set all profiles to block/block and only Public to block/allow.

    Then create two rules Inbound and Outbound allowing all programs to connect under especified IPs of my VPN server. You can check in video, it is well explained.


    But when I allow WFC to take care of firewall, instantaneously the killswitch stop working.
    As long as I didn't found any WFC forum, I'm checking for help here and in any other place that maybe somebody have a idea about it.


    Thks
     
    Last edited by a moderator: Oct 22, 2020
  15. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,971
    Location:
    Romania
    This is still true as of today. I am the only developer that touches WFC code. Unfortunately, I do not have the same free time to improve it as I had in the past because I am involved in the development of other Malwarebytes products.
     
  16. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,971
    Location:
    Romania
    Depending on which profile you use in WFC (Low, Medium) the outbound filtering of Windows Firewall is modified and will not match the settings that you are doing by the setup required by this VPN. Probably this causes "after enabling WFC it don't work anymore". It seems that this VPN is not very well integrated with Windows Firewall and has very strict rules and dependencies on Windows Firewall. For example, I am involved in Malwarebytes Privacy development which is a new VPN product from Malwarebytes and WFC works as expected (blocks, allows programs based on the existing firewall rules). It does not matter if I am connected to the VPN or not. It also has a Kill Switch functionality in which, when enabled, all network connections are blocked, no matter of the Windows Firewall rules or state. It also works if Windows Firewall is disabled.
     
  17. leduvir

    leduvir Registered Member

    Joined:
    Oct 22, 2020
    Posts:
    3
    Location:
    Jamaica
    Waw, thanks for being so quick and effective. Thanks for your time mr. Alexandru.
    the fact is that I'm not using this killswitch with SecureVPN. (not even using a VPN client application, but directly connecting from Windows 10 Ikev2 VPN feature)

    I know it is not a 'problem' from your software, I probably just need to tune it to work properly.
    So I'm trying to find out which settings should I customize to have the beautiful features of WFC as long as my very useful WF VPN Killswitch.
    in a few minutes I'll be doing a video on how the matter itself shows up to me in my machine.

    (PS.: I faced the same trouble with Glasswire which is another little firewall GUI for WF, but as they are shareware and not much interested in solving clients issues, I've just have to set the machine in which I use Glasswire without killswitch. Thats why I'm testing WFC in another).

    anyway, thank you so much again, for your precious time and patience. and for developing this amazing piece of software which is WFC.
     
  18. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,971
    Location:
    Romania
    Unfortunately, I do not have any VPN account with an username and password that I could try on my Windows 10 machine to be able to reproduce and debug this.
     
  19. leduvir

    leduvir Registered Member

    Joined:
    Oct 22, 2020
    Posts:
    3
    Location:
    Jamaica

    no problem, Mr Alexandru. I'll be happy to share mine with you for debugging purpose! after all I'll just change credentials it if you don't mind.

    We are also in touch by mail, so I'll send you there the credentials. thank you so much for your time and patience.


    edit:
    I've just sent you the video and credentials in your support@binisoft.org mail.

    Thank you so much for the patience of doing this troubleshoot with me!
     
    Last edited: Oct 22, 2020
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,122
    Location:
    The Netherlands
    BTW, I recently installed WFC on a friend's laptop and for the first time I saw the new Malwarebytes WFC, I still have an old version installed. But anyway, I couldn't see the buttons to allow outbound connections, have these been removed and if so why?
     
  21. foggyspider

    foggyspider Registered Member

    Joined:
    Oct 24, 2020
    Posts:
    1
    Location:
    USA
    https://i.imgur.com/xzvswU1.png
    I have a feature request. When creating/modifying rules the group is a textbox. Could a combo box (Text input + Drop down) be used instead? When using secure rules if you mistype the group name the rule will be deleted, and it would be much quicker to select the group from list of authorized groups. I use groups to categorize and sort my rules.
     
  22. Alpengreis

    Alpengreis Registered Member

    Joined:
    Oct 7, 2013
    Posts:
    538
    Location:
    Switzerland
  23. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,971
    Location:
    Romania
    These are still available in Rules Panel so that you can see the rules actually created.

    upload_2020-10-25_20-19-46.png

    The same buttons were removed from Main Panel because there was no room for them.
     
  24. alexandrud

    alexandrud Developer

    Joined:
    Apr 14, 2011
    Posts:
    1,971
    Location:
    Romania
    This would be indeed a good improvement. I will put in in the backlog and I will implement it for next WFC version.
     
  25. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    13,122
    Location:
    The Netherlands
    OK thanks, but I believe this should be changed if possible, it's quite unhandy.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.